Text

Computer Programs

The homework assignments, and your project, may require computer
programs. Any computer programs written for this class must be well
documented, cleanly written, and have a manual page or write-up
describing how to use it, its input, and its output. Include sample
runs. If you have C or C++ available, I would prefer you use one of
those; if not, any reasonable computer language is fine.

Course Web Page, Handouts, and Newsgroup

The web page http://wwwcsif.cs.ucdavis.edu/~cs253
contains links to all course handouts (except for the
published/copyrighted papers). They will also be available for anonymous
ftp at ftp://nob.cs.ucdavis.edu /pub/cs253.

Because we have some students without access to the UC Davis campus
newsgroups, information about this class, homework assignments, office
hours, and so forth, will be posted to the web page as well as to the
ucd.class.ecs253 newsgroup. Read this newsgroup (or web page)
daily, especially near the time assignments are due. You are
responsible for everything posted. This newsgroup is not for
discussion about the class, but information from the instructor to
you.

If you want to post things about the class, please use the discussion newsgroup
ucd.class.ecs253.d, or send the instructor a mail message asking that
something be posted. Discussing something in this group is perfectly
fair!

Postings from both newsgroups will be copied to the web page regularly.

Homework

There will be 5 homework assignments. The due date will be on each
assignment.I will try to have your homework graded as quickly as
possible, usually within three class periods after I receive it.

Because this is a graduate class, we'll begin with no penalty for late
homework. (I reserve the right to change this if I feel students are
falling behind.) This class covers a lot of material very quickly, and
if you delay you will probably fall too far behind to catch up easily.
So don't delay - do the homework on time!

Some general notes: if you handwrite your homework, please write
legibly. If I can't read your answer, or understand it, it's wrong.
Please think your answers through before writing them down in final
form; a request for a proof requires a proof, not a statement that
"it's probably right, and here are 15,000 examples to show
it;" a request for a discussion should be treated as an essay
question, with a main theme and arguments for and against the answer.
It is fair to present the factors that affect your answer; it is not
acceptable to begin by giving one answer in the introduction and a
different answer in the conclusion! (Yes, you'll lose points.) And,
always show your work; if you simply write down a correct answer and do
not show how you got that answer, you will not get any credit.

Project

This class requires a term project requiring you to do outside reading,
or apply what we've learned in class to a realistic situation, or
extend your knowledge beyond what is done in class. The project is an
integral part of the course, because it demonstrates you've learned
enough to go beyond what we talked about in class.

The handout Projects
describes the requirements in some detail and suggests possible
projects, as well as the required intermediate reports.

Penetration Analysis Project

I would like students to get a feel for some of the uses to which
computer securty can be put. As part of this, the class will conduct a
penetration analysis of a computer system. More information will be
given on the first Friday of class.

Scribing

Each day, some student will be a scribe, to take notes. When you do
this, send me the notes (in ASCII or latex(1);
write out any equations in a form the reader can understand). I will
review them and then post them to the web page for everyone's use.

Grading

UCD Students:

40% Homework

40% Project

20% In-Class Participation

NTU Students:

50% Homework

50% Project

The Participation points come from two sources. Half (10%) come from
scribing. The other half (10%) come from the Penetration reports.
Because of the week's delay in getting access to the class tapes, NTU
students will not be scribing and may choose not to participate in the
Penetration Analysis Project. More details on opting into the latter
will be available during the first week of class.

Academic Integrity

Please see pages 148-149 of the Spring 1997 Class Schedule and Room
Directory for a general discussion of this.
In particular, for this course:

All work submitted for credit must be your own. You may discuss your
assignments with classmates, with instructors, or with readers in the
course to get ideas or a critique of your ideas, but the ideas and
words you submit must be your own. Unless explicitly stated otherwise
in the assignment, collaboration is considered cheating and will be
dealt with accordingly.

For written homework, you must write up your own solutions and may
neither read nor copy another student's solutions.

For programs, you must create and type in your own code and document it
yourself. Note that you are free to seek help while debugging a
program once it is written.

A good analogy between appropriate discussion and inappropriate
collaboration is the following: you and a fellow student work for
competing software companies developing different products to meet a
given specification. You and your competitor might choose to discuss
product specifications and general techniques employed in your
products, but you certainly would not discuss or exchange proprietary
information revealing details of your products. Ask the instructor
for clarification beforehand if the above rules are not clear.

Penetration Studies: Reports #4,
Detecting the Intruder
Each team will present a report on the intrusion (if any),
what they did to detect the intruder, and what the attacker did once in.Reading: L. T. Heberlein, K. Levitt, and B. Mukherjee,
"A Model to Detect Intrusive Activity in a Networked Environment,"
Proceedings of the Fourteenth National Computer Security Conference
pp. 362-371 (Oct. 1991).

Why a Project?

This course covers a very large discipline, and - perhaps more so than
many other areas of computer science - the discipline of computer
security runs through many other areas. Because the class has a very
limited amount of time, we will only touch the surface of many topics.
The project gives you an opportunity to explore one of these topics, or
some other area or application of computer security that interests you,
in some depth.

Suggestions for How to Proceed

First, choose a topic. Good ways to find a topic are to think about an
area of computer science you enjoy, and try to relate it to computer
security (or vice versa); talk to some other graduate students and see
if what they are doing suggests any ideas; think of ways security of
the system you're working on could be made better; go to the library
and browse for an interesting-looking paper; and so forth. The major
computer security journals are Computers & Security
and Journal of Computer Security,
but articles appear in almost all journals; the major conferences are
Crypto and Eurocrypt (for cryptography), Symposium
on Research in Security and Privacy,
National Computer Security Conference, and the
Annual Computer Security Applications Conference.
If you need more help or have questions, feel free to talk to me.

This term, you may also use the penetration study as your project (see
below). If you do this, you will need to turn in a final report as well
as the interim reports and presentations (if you are not on campus,
don't worry about the presentations).

A Study of the Security of the your.favorite.operating.system
System (check with me on this one!)

Property-based Testing

Electronic Voting Machines and Computer Security

Rights and Amplification of Rights in a Capability System

How the Attackers Do It

Auditing and Logging

Breaking Ciphers with Computers (you will have to narrow this down a
great deal)

What Is Due When

Friday, April 25

By this time you should have chosen your project. Turn in a 2-3 page
writeup of what you want to do, and why; list several sources, and
describe how you plan to go about completing the project. For example,
if you are writing a survey paper, state the theme and in general terms
how you will organize your paper.

Wednesday, May 14

By this time your project should be well underway. Turn in a 3-4 page
description of what you have done, approaches that you took and that
failed, and so forth. For example, for a survey paper, turn in a brief
description of what your references contain, and present a detailed
outline of your paper.